api: datastore status: adhere to NS privs for non-owner

Not only check all owned backup groups, but also all that an auth_id has DATASTORE_AUDIT or DATASTORE_READ on the whole namespace. best viewed with whitespace change ignore (-w) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-05-19 12:32:27 +02:00 · 2022-05-19 12:32:27 +02:00 · f12f408e91
parent 71cad8cac0
commit f12f408e91
1 changed files with 26 additions and 21 deletions
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@ -615,30 +615,35 @@ pub fn list_snapshots(

 fn get_snapshots_count(store: &Arc<DataStore>, owner: Option<&Authid>) -> Result<Counts, Error> {
    let root_ns = Default::default();
-    ListAccessibleBackupGroups::new(store, root_ns, MAX_NAMESPACE_DEPTH, owner)?.try_fold(
-        Counts::default(),
-        |mut counts, group| {
-            let group = match group {
-                Ok(group) => group,
-                Err(_) => return Ok(counts), // TODO: add this as error counts?
+    ListAccessibleBackupGroups::new_with_privs(
+        store,
+        root_ns,
+        MAX_NAMESPACE_DEPTH,
+        Some(PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ),
+        None,
+        owner,
+    )?
+    .try_fold(Counts::default(), |mut counts, group| {
+        let group = match group {
+            Ok(group) => group,
+            Err(_) => return Ok(counts), // TODO: add this as error counts?
+        };
+        let snapshot_count = group.list_backups()?.len() as u64;
+
+        // only include groups with snapshots, counting/displaying emtpy groups can confuse
+        if snapshot_count > 0 {
+            let type_count = match group.backup_type() {
+                BackupType::Ct => counts.ct.get_or_insert(Default::default()),
+                BackupType::Vm => counts.vm.get_or_insert(Default::default()),
+                BackupType::Host => counts.host.get_or_insert(Default::default()),
            };
-            let snapshot_count = group.list_backups()?.len() as u64;

-            // only include groups with snapshots, counting/displaying emtpy groups can confuse
-            if snapshot_count > 0 {
-                let type_count = match group.backup_type() {
-                    BackupType::Ct => counts.ct.get_or_insert(Default::default()),
-                    BackupType::Vm => counts.vm.get_or_insert(Default::default()),
-                    BackupType::Host => counts.host.get_or_insert(Default::default()),
-                };
+            type_count.groups += 1;
+            type_count.snapshots += snapshot_count;
+        }

-                type_count.groups += 1;
-                type_count.snapshots += snapshot_count;
-            }
-
-            Ok(counts)
-        },
-    )
+        Ok(counts)
+    })
 }

 #[api(